[debian-mysql] Bug#1053476: Bug#1053476: galera-3: CVE-2023-5157

Salvatore Bonaccorso carnil at debian.org
Thu Oct 5 20:38:00 BST 2023


Hi Otto,

Thanks for the quick followup.

On Wed, Oct 04, 2023 at 08:59:31PM -0700, Otto Kekäläinen wrote:
> Thanks for reporting this Salvatore!
> 
> Are you aware of what plans upstream has?

We are not; basically, we require your help for this report for
assessing the issue.

> The Jira MDEV-25068 was fixed in Galera 26.4.12
> (https://releases.galeracluster.com/galera-4.12/release-notes-galera-26.4.12.txt)
> in 2022. I don't see any commits on
> https://github.com/codership/galera/commits/3.x since 2022. I will
> keep an eye out for new upstream releases.
> 
> I can also review/merge for all Debian and Ubuntu releases still in
> maintenance a patch if somebody wants to submit a Debian-specific fix
> at https://salsa.debian.org/mariadb-team/galera-3/-/merge_requests. On
> a quick look I did not find the 26.4.12 fix
> (https://github.com/search?q=repo%3Acodership%2Fgalera+MDEV-25068&type=commits)
> so I am not aware of any specific commit nor if it can be backported
> to 25.3.37

Do you have a good upstream contact whom you could reach out to and ask
for more details, references to fixes, etc. on the issue?

Regards,
Salvatore


